Updated the monthly blog post

Signed-off-by: Simon Bennetts <[email protected]>
zaproxy · Mar 3, 2025 · 266ca40 · 266ca40
1 parent f53f916
commit 266ca40
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 12 deletions.
diff --git a/...ent/blog/2025-03-03-zap-updates-february-2025/images/zapbot-monthly-preview.png b/...ent/blog/2025-03-03-zap-updates-february-2025/images/zapbot-monthly-preview.png
diff --git a/...ent/blog/2025-03-03-zap-updates-february-2025/images/zapbot-monthly-updates.png b/...ent/blog/2025-03-03-zap-updates-february-2025/images/zapbot-monthly-updates.png
diff --git a/...-03-01-zap-updates-february-2025/index.md → ...-03-03-zap-updates-february-2025/index.md b/...-03-01-zap-updates-february-2025/index.md → ...-03-03-zap-updates-february-2025/index.md
@@ -1,28 +1,52 @@
 ---
 title: "ZAP Updates - February 2025"
 summary: >
-  TODO
+  Authentication, authentication, authentication... And there will be a 2.16.1 release "soon".
 images:
-- https://www.zaproxy.org/blog/2025-03-01-zap-updates-february-2025/images/zapbot-monthly-updates.png
+- https://www.zaproxy.org/blog/2025-03-03-zap-updates-february-2025/images/zapbot-monthly-updates.png
 type: post
 tags:
 - blog
 - update
-date: "2025-03-01"
+date: "2025-03-03"
 authors:
-- TODO
+- simon
 ---
 
-## Highlights
-TODO
-
 ## Ongoing Work
-TODO
 
-## New Contributors
-A very warm welcome to the people who started to contribute to ZAP this month!
+This month we've continued our focus on authentication. You probably will not notice many changes yet, but theres a lot going on behind the scenes!
+
+To make the changes more visible we've added a new set of [ZAP Authentication Tests](/docs/scans/auth/).
+
+We know that configuring ZAP to handle authentication is hard, so the aim is to make this much easier.
+One of our key focusses is [Browser Based Authentication](/docs/desktop/addons/authentication-helper/browser-auth/) along 
+with [Session Auto-Detection](/docs/desktop/addons/authentication-helper/autodetect-session/) and 
+[Verification Request Identification](/docs/desktop/addons/authentication-helper/verification-id/).
+This combination of features allows you to completely configure ZAP authentication by only providing the login URL and
+a valid set of credentials. All of the "stdbba" [Authentication Tests](/docs/scans/auth/) just provide this minimal set of data.
+As you will see, this works against most of the sites we're testing against.
+
+If [Browser Based Authentication](/docs/desktop/addons/authentication-helper/browser-auth/) does not work "out-of-the-box" then
+we have a new option for configuring it without having to go down the full "scripting" route. More details soon :grin:
+
+And if that doen't work then we have a new option to record client side scripts which you can use for authentication.
+Again, look out for more details coming soon!
+
+We are also looking at how to make it much easier to debug authentication issues.
+One part of the solution is a new [Authentication Report](/docs/desktop/addons/authentication-helper/auth-report-json/).
+This is currently just in JSON format but we plan to add HTML and potentially PDF versions as well.
+
+If you know of any other sites that anyone can sign up to which have tricky login screens then let us know!
+
+## ZAP Slack
+
+The [ZAP Slack](/slack/) is open to everyone - just signup via https://www.zaproxy.org/slack/
+
+## Next Release: 2.16.1
 
-TODO: Add from https://github.com/zaproxy/zap-core-help/pulls?q=is%3Apr+credits+is%3Aclosed
+We've found out that theres a bug in the Core which means you cannot update alerts via the Desktop GUI.
+As a result we'll be releasing a 2.16.1 bug fix release in the near future.
 
 ## GitHub Pulse
 Here are some statistics for the two main ZAP repositories:

diff --git a/site/content/docs/scans/auth.md b/site/content/docs/scans/auth.md
@@ -4,7 +4,19 @@ type: page
 EditableContent: true
 ---
 
-Authentication Test Results
+Testing ZAP authentication handling against a range of test and real world applications.
+
+Columns:
+
+* __Type__:
+  * __stdbba__:	Standard [Browser Based Authentication](/docs/desktop/addons/authentication-helper/browser-auth/), just the login URL and credentials, no additional configuration
+  * __bbaplus__:	[Browser Based Authentication](/docs/desktop/addons/authentication-helper/browser-auth/) with some additional additional configuration
+  * __csa__:		[Client Script Authentication](/docs/desktop/addons/authentication-helper/client-script/), using a client side Zest script to authenticate
+* __Auth__: Did ZAP succeed in authentication to this site? This is the key column
+* __Username__: Did ZAP find the username field? Only applicable to Browser Based Auth
+* __Password__:  Did ZAP find the password field? Only applicable to Browser Based Auth
+* __Session Mgmt__: Did ZAP identify the session management method?
+* __Verification__: Did ZAP identify a suitable verification URL?
 
 {{< auth-results >}}